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In the claims: 

1. (currently amended) A method for establishing a secure transmission channel from a user 
process of a first node to a user p rocess of a second node comprising: 

sending a key, identification of the first node, and identification of the second node from a 
seewe-hardware of the first node accessible only bv a kernel agent of the first node t o a secur e 
hardware of the second node accessible only bv a kernel agent of the second node, such that the 
key is inaccessible by all user processes running on the first node and unauthorized processes 
running on the first node are unable to send unauthorized messages through the secur e hardware 
of the first node; 

receiving the key, identification of the first node, and identification of the second node by 
the secure hardware of the second node; 

verifying the identification of the first node and the identification of the second node by the 
s e cur e hardware of the second node; and, 

storing the key at the s e cur e hardware of the second node, such that the key is inaccessible 
by all user processes running on the second node, 

wherein the s e cur e hardware of the first hardware and the se cur e hardware of the second 
node establish a channel over which the user p rocess of the first node and the user p rocess of the 
second node are able to communicate. 

2. (cancelled) 

3. (original) The method of claim 1, wherein each of the first node and the second node 
comprises one or more partitions, each partition corresponding to an operating system instance. 
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4. (currently amended) The method of claim 3, wherein the user p rocess of the first node 
comprises a process running in one of the one or more partitions of the first node. 

5. (currently amended) The method of claim 4, wherein the identification of the first node 
comprises at least one of identification of the usCT_process running in the one of the one or more 
partitions of the first node, and identification of the one of the one or more partitions of the first 
node. 

6. (currently amended) The method of claim 3, wherein the identification of the second node 
comprises at least one of identification of the user p rocess running in one of the one or more 
partitions of the second node, and identification of the one of the one or more partitions of the 
second node. 

7. (currently amended) The method of claim 1 , wherein each of the se cur e h ardware of the 
first node and the hardware of the second node comprises a connection management mechanism. 

8. (currently amended) The method of claim 1, wherein verifying the identification of the 
first node and the identification of the second node by the s e cure hardware of the second node 
comprises verifying the identification of the first node and the identification of the second node in 
a channel state table accessible by the seeufe-hardware of the second node and inaccessible by all 
the user processes of the second node. 

9. (cancelled) 

10. (currently amended) The method of claim 1, further comprising: 
creating a message at the user p rocess of the second node; 
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sending the message, the key, the identification of the first node, and the identification of 
the second node from the s e cur e h ardware of the second node to the secure h ardware of the first 
node; 

receiving the message, the key, the identification of the first node, and the identification of 

the second node by the seeufe-hardware of the first node; 

verifying the key at the secure-hardware of the first node; and, 

processing the message at the user p rocess of the first node, where the key has been 

successfully verified at the secure-hardware of the first node. 

11. (currently amended) A computerized system comprising: 

a first secure connection management hardware mechanism at a first node to maintain first 
keys for secure communication to first user p rocesses running in one or more partitions of the first 
node from second user processes running in one or more partitions of a second node, the first 
keys inaccessible by all user_processes running on the partitions of the first node and running on 
the partitions of the second node, each first key used for secure communication to one of the first 
processes from one of the second user processes, and unauthorized processes running on the first 
node are unable to send unauthorized messages through the first secure connection management 
hardware of the first node; and, 

a second secure connection management hardware mechanism at the second node to 
maintain second keys for secure communication to the second user processes from the first user 
processes, the second keys inaccessible by all user p rocesses running on the partitions of the first 
node and running on the partitions of the second node, each second key used for secure 
communication to one of the second user p rocesses from one of the first user p rocesses. 

wherein the first and the second secure connection management hardware mechanisms 
establish a channel over which the first user p rocesses and the second user p rocesses are able to 
communicate. 
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12. (currently amended) The system of claim 11, further comprising: 

a first key table at the first node to store the first keys, the first key table accessible by the 
first secure connection management hardware mechanism but inaccessible by the first user 
processes; and, 

a second key table at the second node to store the second keys, the second key table 
accessible by the second secure connection management hardware mechanism but inaccessible by 
the second user p rocesses. 

13. (currently amended) The system of claim 1 1, further comprising: 

a first connection table at the first node and accessible by the first secure connection 
management hardware mechanism and the first user p rocesses, the first connection table having a 
number of first entries, each first entry identifying one of the first user processes, one of the 
second user p rocesses with which the one of the first user processes is securely communicating, 
and one of the one or more partitions of the second node in which the one of the second user 
processes is running; and, 

a second connection table at the second node and accessible by the second secure 
connection management hardware mechanism and the second user p rocesses, the second 
connection table having a number of second entries, each second entry identifying one of the 
second user p rocesses, one of the first user processes with which the one of the second user 
processes is securely communicating, and one of the one or more partitions of the first node in 
which the one of the first userprocesses is running. 

14. (currently amended) The system of claim 13, further comprising: 

a first key table at the first node having a number of first key entries, each first key entry 
corresponding to a first entry of the first connection table and storing one of the first keys, the 
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first key table accessible by the first secure connection management hardware mechanism but 
inaccessible by the first user p rocesses: and, 

a second key table at the second node having a number of second key entries, each second 
key entry corresponding to a second entry of the second connection table and storing one of the 
second keys, the second key table accessible by the second secure connection management 
hardware mechanism but inaccessible by the second user p rocesses. 

15. (currently amended) An article comprising: 

a computer-readable recordable data storage medium; and, 

means in the medium for maintaining keys for secure communication to first processes 
running in one or more partitions of a first node from second processes running in one or more 
partitions of a second node, the keys inaccessible by all user processes, each key used for secure 
communication to one of the first user p rocesses from one of the second user p rocesses. 

wherein unauthorized processes are unable to send unauthorized messages. 

16. (currently amended) The article of claim 15, wherein the means in the medium is further 
for storing the keys in a key table inaccessible by all the fifst user processes. 

1 7. (currently amended) The article of claim 15, wherein a connection table at the first node is 
accessible by the means in the medium and the first user p rocesses, the connection table having a 
number of entries, each entry identifying one of the first user processes, one of the second user 
processes with which the one of the first processes is securely communicating, and one of the one 
or more partitions of the second node in which the one of the second user processes is running. 

18. (currently amended) The article of claim 17, wherein a key table at the first node is 
accessible by the means in the medium but inaccessible by the first user p rocesses, the key table 
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having a number of key entries, each key entry corresponding to an entry of the connection table 
and storing one of the keys. 

19.-20. (cancelled) 
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